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A modular signature and data capture device (20) including a VGA-caliber backlit LCD (50) which is superimposed with a pressure 
touch pad that is useable with a passive stylus (60). The LCD displays pen drawn signatures (70) and graphics in real-time, and can 
display images, menus, device instructions, virtual pressure-sensitive data keys, control keys which are stored in the device, or downloaded 
from a host system (30). The device includes a built-in a three-stripe magnetic card reader unit (80), and can accept PCMCIA-compatible 
accessories including solid state memory units and smartcards (140). Furthermore, the device is compatible with plug-in accessories 
including an external PIN keypad entry unit (190), a fingerprint unit (210), an omnibus unit including a printer and check processor. 
Security is provided by DES-encrypting PIN data and/or using Master/Session and/or DUKPT key management, or by using fingerprint 
token data as a PIN. 
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MODULAR SIGNATURE AND DATA - CAPTURE SYSTEM 

5 

FIELD OF THE INVENTION 
The invention relates generally to signature and data- 
capture equipment, and more particularly to such equip- 
ment providing a modular system capability, and providing 
10 capability to transact payment at point of transaction, 
and to issue a reward to a user of the system. 

BACKGROUND OF THE INVENTION 
Equipment that captures signature and other information 

15 drawn on a screen by a user is known in the art. For 

example, many businesses are beginning to adopt electron- 
ic equipment that captures a customer's signature to 
verify a credit card charge purchase. At a store or 
other point of transaction, the customer signs his or her 

2 0 name with a stylus on a screen surface. The screen sur- 
face responds to signals from the stylus or to force from 
the stylus. The signature data are collected and signal 
processed within the equipment for transmission, typical- 
ly by telephone link, to a central office. One such 

25 signature collection product is the PenWare 2000, a com- 
mercially available product marketed by PenWare Corp. of 
Sunnyvale , California . 
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At the central office, pre-stored data representing a 
genuine signature for the user are compared against the 
new data to confirm or deny authenticity of the new sig- 
nature. The central office then transmits signature 
5 authenticity confirmation or denial back to the equipment 
at the point of transaction. If desired, the same cen- 
tral office and information link can be used to signal 
the customer's present credit limit back to the point of 
transaction as well. 

10 

Many prior art systems use active capture technology, 
that often is relatively complex and expensive, and are 
not very robust . Such active capture technologies in- 
clude use of an infra-red ("IR") emitting active stylus 
15 and a signature capture pad that includes an array of IR 
detectors, or magnetic stylus and capacitive-based signa- 
ture capture pad. 

Such equipment should be backward- compatible with exist - 

2 0 ing signature and data-capture equipment, and should be 

compatible with the software command sets embedded in 
such existing equipment. 

Some signature capture systems include a sub- system for 
25 reading the magnetic track on a credit card, a debit 

card, or the like. Generally, to store more data on such 
cards, the industry is moving toward providing such cards 
with three strips of magnetic media on which data may be 
stored. Unfortunately many prior art systems do not 

3 0 accommodate more than a single strip magnetic card read- 

er. Further, prior art techniques for providing user 



WO 98/50876 



PCT7US98/09448 



security when using such cards frequently are limited to 
the use of personal identification numbers ("PINs"), 
which numbers can become lost or compromised. 

5 In the area of computer architecture, current design has 
evolved to accommodate standard buses, standard expansion 
slots and ports, and standardized add-on components. 
Unfortunately, prior art signature pad capture systems 
have tended to exhibit a closed architecture design that 
10 does not readily provide for standardized input and out- 
put signals and peripheral devices. 

When used in a commercial environment such as a store, 
such systems do not appreciably help the merchant in 
15 terms of reducing paperwork and expediting cash flow. 

Although at the moment of payment the merchant temporari- 
ly has the user's complete attention, such systems do not 
readily enable the merchant to promote further and addi- 
tional sales, for example by displaying on the system 

2 0 appropriate advertising and/or rewards, such as coupons 

for discounts on present or future purchases. 

Thus there is a need for a signature capture product and 
system that preferably employs backward- compatible stan- 
25 dardized architecture, that can interface with a variety 
of input/output and other peripheral devices. Preferably 
such device should read and write to a card bearing three 
magnetic stripes, and/or to a smartcard, and use a pas- 
sive stylus. Further, such product should have the abil- 

3 0 ity to provide security beyond that associated with PIN 

identification. In addition, the system should be use- 
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able to display merchant advertising and to issue rewards 
to the user, commensurate with the nature of the immedi- 
ate purchase. Finally, such system should be useable to 
facilitate instant transaction payment to a merchant, 
while minimizing paperwork, and should be able to assist 
a user in maintaining computerized financial data relat- 
ing to transactions made using the present invention. 

The present invention provides such a product and system. 

SUMMARY OF THE INVENTION 
The present invention provides a modular signature and 
data capture device that employs a standardized ISA bus, 
standardized communication ports, standardized PCMCIA 
card input, and standardized x86 CPU architecture. The 
use of such proven and standardized interfaces and CPU 
promote flexibility in using past, present, and future 
software and accessories. The device is intended for use 
at a point of transaction, e.g., when a user pays for 
goods purchased at a merchant store . 

A VGA backlit LCD is superimposingly combined with a 
pressure touch pad that is useable with a passive stylus. 
The LCD can display pen-drawn signatures, and graphics in 
real-time, and can display images and data stored in the 
device, or downloaded from a host system, including ad- 
vertisements and animation. The LCD can also display 
menus, device instructions, virtual pressure-sensitive 
data softkeys, and control sof tkeys . The device includes 
a built-in a three- stripe magnetic card reader unit and 
may include a built-in smart card reader. The device can 
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accept PCMCIA- compatible accessories including solid 
state memory units and smart cards. The device is con- 
nector-compatible with modular accessories including an 
external PIN keypad entry unit, and a fingerprint unit. 
5 An omnibus add-on accessory unit combines a fingerprint 
reader, a smart card reader, a check processor, and a 
printer . 



The omnibus unit permits an essentially paperless trans - 
10 action to be conducted, in which a user's check is pro- 
cessed in realtime by the omnibus unit and device and is 
immediately returned to the user as a receipt for payment 
of the present transaction. The transaction is completed 
instantly in that the device contacts the user's bank 
15 and, if funds are available, debits the account as pay- 
ment for the instant transaction. In this manner, the 
present invention facilities immediate payment to the 
merchant, and minimizes paperwork all around. 



2 0 Transaction security is provided by DES- encrypting PIN 

data and/or using Master/Session or so-called DUKPT (for 
derived unique key per transaction) key management, and 
by causing data stored within the unit to be erased if 
tampering of the unit occurs. In another embodiment, a 

2 5 numerical token representing a sampled portion of a 

user's fingerprint is stored for use as a PIN in a mag- 
netic card or a smart card carried by the user. At the 
point of transaction, the user's card is examined by the 
present invention, and the PIN token is noted. The de- 

3 0 vice is then used to capture the user's fingerprint and 

to calculate a token for this fingerprint. The PIN token 
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and this calculated token are then compared by the de- 
vice. If the device confirms a token match, the transac- 
tion completes. Otherwise the transaction is aborted and 
the store merchant is alerted by the device that the card 
may be stolen. 

The device may be used interactively at the point of 
transaction, for example to display advertisements on the 
LCD screen that are relevant to the user's purchases, or 
to print out relevant discount coupons. The device en- 
ables the merchant to create a profile for each user, and 
may be used to communicate purchase information to the 
user's own computer, e.g., via an internet link, for user 
accounting purposes . 

Other features and advantages of the invention will ap- 
pear from the following description in which the pre- 
ferred embodiments have been set forth in detail, in 
conjunction with the accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 
FIGURE 1 depicts a signature pad device with exemplary 
add-on options, according to the present invention; 

FIGURE 2 is a block diagram of a signature pad device and 
plug-in accessories, according to the present invention; 

FIGURE 3 depicts a signature pad device whose display 
shows a menu and virtual keys for user entry of data, 
according to the present invention; 



WO 98/50876 PCT/US98/09448 

FIGURE 4 depicts a signature pad device and omnibus plug- 
in accessory, according to the present invention; 



FIGURE 5 is a block diagram depicting additional services 
5 and functions provided by the present invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 
Figure 1 depicts a generic system 10 that includes a 
signature pad device 2 0 that preferably is coupleable to 

10 a host system 3 0 via a communications link 4 0 that may 

include a telephone line, a network or internet linkage, 
wireless linkage including satellite linkage, among other 
modes of information transfer. Host 3 0 may be a dumb 
terminal, an electronic cash register, a sophisticated 

15 centralized networked server, or other piece of equip- 
ment. Although Figure 1 shows a single device 20 coupled 
to host 30, in practice, many devices 2 0 may be coupled 
to a common host, and/or may be daisy- chained to one 
another. As will be described, device 2 0 has software 

2 0 capabilities that permit host 3 0 to download not only 

commands and status signals, but applications and forms 
as well . 

Device 2 0 includes a pressure sensitive screen and dis- 
25 play unit 50 that can respond to pressure from a passive 
stylus or pen 60. As will be described later, unit 50 
combines and superimposes a pressure sensitive pad 50A 
and as a liquid crystal display ("LCD") SOB into a single 
unit (see Figure 2) . A user can write a signature 70 on 
30 unit 50 using stylus 60, and simultaneously see the as- 
written signature displayed on unit 50. Of course, 

7 
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sketches and other graphics may be user-drawn on unit 50. 
Unit 5 0 can also display menus, commands, graphics, and 
other information from a processor unit within unit 20, 
or using data from the host system. 

5 

Unit 2 0 also can communicate input data and/or output 
data from other than screen 50. Unit 20 preferably in- 
cludes a magnetic card reader ( "MCR" ) 8 0 that can 
read/write data from as many as three magnetic stripes 90 
10 borne on a credit card or other substrate 100. The cred- 
it card 100 is hand-slid through a slit-like channel 110 
in the housing 120 of unit 20, and magnetically stored 
information may be read from or written to stripes 90 . 

15 Unit 20 preferably includes at least one accessory slot 

13 0 through which an accessory card 14 0 can be electroni- 
cally coupled to unit 20. Card 140 preferably has an 
industry-wide interface, e.g., PCMCIA type II, and may be 
a so-called smart card that internally stores user iden- 

2 0 tification data as well as a monetary value of the card. 

As such, the card may be used as a debit card. Device 2 0 
exhibits high degree of security when used with a smart 
card 14 0 in that the card internally stores the correct 
personal identify number ("PIN") for the card owner. 
25 When using device 20 and a debit smart card, a user must 
manually enter PIN data that matches the true data pre- 
stored in the debit smart card. If a PIN match results, 
a transaction can go forth if the monetary value of the 
card is not exceeded. Of course, other accessory cards 

3 0 14 0 complying with the internal interface standard may 

also be used. Further, PCMCIA compatibility permits the 
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preferred embodiment to function with many PCMCIA type II 
solid state memory units, among other accessories. 



Unit 20 also provides several input/output ports e.g., 
5 150, 160, 170 through which still other units and acces- 
sories may be accessed. Of course a greater or less 
number of such ports could be provided. Host system 3 0 
for example is accessed via port 160, preferably a serial 
RJ45 or a DB9 communication port. Preferably such ports 
10 can carry synchronous or asynchronous data at rates at 
least up to 19.2 Kbaud. An infra-red 

transmitter/receiver light emitting diode ("LED") 180 
preferably is also included to permit IR wireless commu- 
nication between unit 2 0 and other devices, a printer for 
15 example. A transducer 185 such as a loudspeaker is pro- 
vided to provide audio signal confirmation to the user 
with respect to entry of data, device status, and so on. 

At least one port, e.g., port 150, is disposed to provide 
2 0 the option of allowing accessory units to plug- into and 
be physically attached to unit 20. Such plug-in and 
attachment is depicted in Figure 1 by the large arrow 
point toward port connector 150. Of course accessory 
units whose form factor did not readily permit such at- 
25 tachment could still be used. Such units would be elec- 
trically coupled to unit 2 0 via a cable terminating in a 
connector appropriate to mate to the connector associated 
with port 150, or other port(s) associated with device 
20 . 
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One accessory unit 190 might include a key pad 2 00 to 
allow a user to enter data into unit 20, including for 
example a personal identification number ("PIN"). In the 
configuration of Figure 1, a connector (not shown) on the 
5 righthand side of unit 190 would be disposed so as to 

matingly engage connector 150 on unit 20 such that elec- 
trical and mechanical couplings results. Another acces- 
sory might be a fingerprint unit 210 that could include a 
screen 220 against which a user's thumb (or other finger) 

10 is pressed to make a print 230. Software within unit 210 
and/or unit 2 0 could signal process a portion of the 
resultant fingerprint data for transmission to host sys- 
tem 30. Host system 30 can compare the just made finger- 
print with previously stored fingerprint data for the 

15 user and provide absolute confirmation that the user is 

who the user purports to be. Of course unit 210 could be 
implemented with a standalone computer and scanner unit, 
whose output data were coupled to unit 2 0 via an input 
port , e.g., port 150 . 



20 



In the preferred embodiment, unit 2 0 is contained within 
a housing 12 0 that measures about 15 cm in width x 20 cm 
in depth by 4 cm in height, and weighs about 630 g. The 
useable area of pressure pad/LCD screen 50 is about 7.6 

2 5 cm x 10.2 cm. Figure 1 is intended to depict a preferred 

form factor, and it is understood that other form factors 
having other dimensions and weights could be used 
instead. Housing 12 0 preferably is made of an injection- 
molded plastic resin, and is ergonomically designed to 

3 0 accommodate right and left handed users. 



10 
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Preferably unit 20 is powered by a battery 240, e.g., 12 
VDC, although an internal AC-to-DC power supply could 
also be used. As shown in Figure 1, unit 2 0 includes a 
holder 250 for storing stylus 60 when it is not be used, 
5 and also includes a member 260 that permits securing unit 
2 0 to a desk or counter to prevent its unauthorized re- 
moval. Holder 250 may also be used with a cord or the 
like to secure stylus 60 to unit 20. 

10 Figure 2 is a block diagram depicting the preferred ar- 
chitecture 100 for unit 20, although other architectures 
might be utilized instead. Reference numerals in Figure 
2 that are the same as numerals used in Figure 1 can 
refer to the same unit or sub-unit. Note that what in 

15 Figure 1 was denoted as pressure pad/LCD unit 50 is shown 
in Figure 2 as touch pad 5 OA and LCD SOB. In terms of 
signal processing, signals associated with units 50A and 
50B may be handled differently, however from a user's 
perspective, these two units appear to function as a 

20 single module 50. Details as to design and fabrication 
of unit 50 are known in the art, and are not here pre- 
sented. As implemented, architecture system 300 is de- 
signed to be backward compatible with many existing sig- 
nature capture devices, for example the older PenWare 

2 5 model 2 000 unit, and to be compatible with the command 
set used in such earlier devices. 

Touch or pressure pad 50A preferably provides 4096x4096 
pixel resolution and acts as a writing surface upon which 
30 a user may draw or write (e.g., a signature, a sketch, a 
doodle), preferably with passive pen 60. By passive it 
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is meant that pen 60 may simply be a plastic or wooden 
pointed stick. In contrast to many prior art approaches, 
pen 60 need not emit or sense IR, or carry a magnet. As 
such, pen 6 0 and touch pad BOA are relatively robust and 
5 inexpensive to produce. 

As a user writes upon the surface of touch pad 5 OA, pres- 
sure sensitive sensors within the pad respond to user- 
drawn positions of pen 60. In practice, the 4096x4096 
10 pixels used in the preferred embodiment are adequate to 
permit signature verification. Of course, other resolu- 
tion pads could be used. 

Preferably LCD BOB is backlit and displays signature and 
IB images drawn by user on touchpad BOA. Further, LCD SOB 
can display forms, graphics controls, and generally per- 
mits unit 2 0 to act as a full featured transaction termi- 
nal. (For example, in Figure 3, a menu 400 including 
instructions 410, softkeys 420 and command key 43 0 is 
2 0 shown on LCD B0.) In the preferred embodiment, LCD BOB 
provides VGA 320x240 pixel resolution and includes a 
zooming engine. (It will be seen that the data capture 
resolution of pad BOA exceeds resolution of LCD BOB.) In 
the preferred embodiment, LCD BOB provides sufficient 
2B resolution and contrast to comply with the low vision 
requirements of the Americans with Disabilities Act 
(ADA) . 



30 



An analog- to-digital (A/D) interface 310 converts the 
analog pen position to the high resolution x-axis, y-axis 
coordinates of touch pad BOA. Pen-drawn pressure coordi- 

10- 
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nates may be communicated in raw format to host system 
30, or may be signal compressed and buffered within unit 
2 0 and then transmitted to host system 30. 

5 Architecture 3 00 includes a preferably industry standard 
architecture ("ISA") bus 32 0, which is drawn with bold 
lines in Figure 2. Bus 320 is used by the A/D interface 
unit and other units to couple information within unit 
20. For example, pen detection circuitry 330 receives, 
10 via bus 320, A/D pressure pad coordinate data from unit 
310, and thus can detect what the user has drawn upon 
touch pad 50. Display data for LCD BOB is output direct- 
ly by CPU 34 0. 

15 In the preferred embodiment, system 300 operates under 

control of an embedded microprocessor (CPU) 340, e.g., an 
x86-compatible processor operating at 16 MHz clock fre- 
quency. The use of industry standard x86 architecture 
and an ISA bus permits unit 2 0 to readily accommodate 

2 0 future expansion, for example via PCMCIA type II memory 
cards and the like. Further, such standard architecture 
facilitates ease of software programming and permits use 
of readily available, low cost tooling programs. For 
example, system architecture 300 is sufficiently flexible 

2 5 to permit a software developer to custom write applica- 
tions for touch pad 50A, and also to use a personal com- 
munications system to send commands and receive informa- 
tion bytes from the pad. The preferred embodiment pro- 
vides support for MS DOS/Windows 95, Windows 3.1 and 

30 Windows NT platforms. 

/3 



WO 98/50876 



PCT/US98/09448 



In Figure 2, read only memory (ROM) 3 60, preferably is a 
2 56 KB EPROM unit, stores firmware used to control CPU 
34 0, which firmware implements a command set for operat- 
ing unit 20. The firmware preferably supervises process- 
ing a signature or other writing 70 drawn on touchpad 50. 
The firmware also preferably encrypts a user's personal 
identification number (PIN) , provides on-the-fly data 
compression, and can control operation of any peripheral 
or optional attachments coupled to unit 20, by way of 
example, units 190, 210. 

Volatile random access memory (RAM) 350, preferably 256 
KB, provides in- system memory to maintain data including 
encryption key, custom stored signatures, customized 
logos to be displayed on LCD 50B. RAM 350 may also store 
compressed multiple complete signatures for transmission 
to host 40 upon request. Communications between CPU 340, 
ROM 360 and RAM 350 are via ISA bus 320. RAM 350 is 
backed-up by battery pack 24 5 to preserve such data dur- 
ing interruptions to the system main power supply 240. 

A copy protection switch unit 370 can provide a security 
feature that enables CPU 34 0 to protect encryption key 
data and to erase such data automatically if an attempt 
is made to open the case of unit 10. Attempts to tamper 
with device 2 0 will thus preferably result in automatic 
erasure of data, to promote data security. Such encryp- 
tion and copy protection features help ensure the securi- 
ty of transactions made using device 20. 
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Preferably serial communications interfaces 3 80 and 3 90 
couple serial port connectors, e.g., 160, to ISA bus 320 
using standard serial communications protocols. In the 
preferred embodiment, one RS-232 serial connector 170 and 
5 two RJ-45 connectors 160 are provided. The serial con- 
nectors may be used to provide communication between unit 
2 0 and a host system 30. Host system 3 0 may of course 
provide a full server- type computer system and will typi- 
cally be located off-site from the point of transaction 
10 whereat unit 2 0 is used. 



As noted, system 20 includes a built-in magnetic stripe 
reader (MSR) 80 that enables identification and other 
data encoded magnetically on cards 90 to be read as the 
15 card is slid through guide channel 110. The ROM-held 
command set preferably enables unit 2 0 to provide read 
operations for reading two or three track magnetic debit 
or credit cards 100, to help promote secure transactions. 



2 0 Further, CPU 34 0 and ROM 3 60 provide for reading and 

encrypting personal information number (PIN) data entered 
into unit 20, e.g., from a PIN pad accessory unit 190. 
In general, data entered using handwriting 70, data keys 
200, touch data (e.g., pressing on LCD 50 to select a 

2 5 displayed menu option) among other user responses may 
also be recognized by CpU 240. Unit 20 preferable in- 
cludes an audio transducer 185 to provide audible feed- 
back to confirm successful entry of PIN data, magnetical- 
ly encoded data, and the like. 



15 
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Optionally, unit 10 includes a port and electronics to 
accommodate a second and preferably LCD display 65 (see 
Figure 5) . When unit 10 is used at a point of transac- 
tion, the check-out counter of a store for example, sec- 
5 ond display 65 is mounted for easy viewing by the cash- 
ier. Display 65 replicates what is shown on display 50, 
and enables a check-out cashier to confirm, for example, 
that the consumer-user has written his or her signature. 
Smart card circuitry 145 may also be included within unit 
10 10, or may be included within an add-on unit such as unit 
225 (see Figure 4) . 

Device 2 0 preferably is implemented using application 
specific integrated circuits ("ASICs") to provide a low 
15 integrated circuit ("IC") chip count, to provide high 

reliability and to decrease fabrication costs. For exam- 
ple, the present invention, with its passive pen technol- 
ogy can maintain nearly 43,000 hours MTBF . 

2 0 Consider now the nature of hardware and software opera- 

tions with device 20. At a relatively unsophisticated 
level of operation, host 30 (e.g. a cash register or 
terminal) controls device 2 0 by issuing it various com- 
mands and then interpreting responses from device 20. 
25 Host 30 may signal device 20 that it is ready to accept 
signature data. Device 2 0 may then send signature data 
to host 3 0 in real-time or as blocks of compressed data. 
In the preferred embodiment, all communications are in- 
terrupt driven to insure a timely response without miss- 

3 0 ing data. Alteratively , a software development toolkit 

is available from assignee PenWare, Inc. for 16 -bit DOS, 
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Windows 3.x and Windows 95, 32-bit Windows NT and OS/2 
platforms. Toolkit library routines encapsulate details 
concerning touch pad-host communication, permitting ap- 
plication developers to focus on applications without 
5 undue concern for underlying details. Toolkit services 
range from libraries for traditional C/C++ environments 
to VBX and OCS controls for rapid program development 
environments such as Visual Basic and report generators. 
The PenWare software user's Reference Manuals for the 
10 PenWare 2000 and 3 000 are referred to for further appli- 
cation development information, and is incorporated here- 
in by reference to the extent necessary. 

A SigBox tool provides component software, OCX (OLE) 
15 links, and visual basic (VBX) functions. A SigKit pro- 
cesses signatures, encrypts, sales, converts, and can 
provide data in various formats including *.BMP, *.TIF, 
*.PCL, *.WMF, as well as providing * . DLL and C/C++ func- 
tions. A PadCom toolkit provides low level communica- 

2 0 tions to the pressure pad, including attachments thereto. 

As explained more fully in the above-cited Reference 
Manuals, when device 20 is powered-on, a message is dis- 
played on LCD 50 for a few seconds. During this interval 
25 the user can cause a setup menu to be displayed by touch- 
ing LCD SOB. The setup menu allows personalizing set- 
tings such as mode of operation, LCD brightness, audio 
control, etc., and also permits calibrating the touch 
pad. When exiting the setup menu (or if the LCD screen 

3 0 is not touched during the power-up cycle) , the unit dis- 
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plays a logo and is ready for communication with the host., 



As noted, unit 20 is controlled by host 30, which sends 
unit 20 one or more binary commands. Some of these com- 
5 mands will cause data values to be returned by unit 2 0 to 
the host via linkage 40 (which may in fact be wireless) . 
In the preferred embodiment, each issued host -command 
includes a 16 -bit opcode followed by a 16 -bit argument 
length, followed by optional argument data . Command 
10 results do not have an opcode or argument length fields, 
and consist of a stream of result arguments, All 16 -bit 
values are ordered as low byte followed by high byte. 



Each command sent from the host (or terminal) to the pad 
15 consists of 16-bit opcode followed by 16-bit arguments 
length, followed by optional argument data. The format 
is as follows: 



opcode 



arguments length 



(optional) arguments data field 



20 



The arguments length specifies the total length of the 
arguments in the argument data field. If the command 
does not have any argument data, the argument length 
value is set to zero, and the argument field is omitted. 



2 5 If the argument field exists, it may have one or more 

arguments, which may be fixed- length of variable=length. 
Fixed- length arguments have a size determined by the type 
of argument. The size of variable -length arguments is 
specified by a 16-bit argument length sub-field, follow 

3 0 by the actual argument data. 
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argument data 


field 




lenl 


argl 


arg2 


arg3 



If the argument field exists, the field may consist of 
5 one or more arguments. Each argument is either fixed 

length or variable-length. The size of each fixed-length 
argument is determined by its type. The size of each 
variable -length argument is specified by a 16-bit argu- 
ment length sub- field followed by the actual argument 
10 data. In the command format shown immediately above, 

three arguments are present. The first argument (argl) 
is variable-length with the length being specified by the 
preceding field (lenl). The two remaining fields (arg2, 
arg3) are each fixed-length arguments. 

15 

The format of data received by the host is a stream of 
result arguments, there being no opcode or arguments 
length fields. Similar to what was described for the 
host send command format, each result argument is 
20 fixed-length (the length being type-determined) or 

variable-length (the variable-length argument being spec- 
ified by a 16 -bit argument length sub-field preceding the 
actual argument data. Format of 16-bit values is low 
byte/high byte, that is for a 16 -bit value, the low byte 

2 5 precedes the high byte. 

By way of example, consider a command having no argument. 
(All of the following examples may be tested using 
VIEWCOMM operating under MS-DOS.) If it were desired to 

3 0 send a command clear the LCD screen, the following hexa- 

decimal byte stream would be issued: 
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$40$32$00$00 
The above byte stream may be viewed as follows: 



opcode 


arguments length 


$40$32 


$oo$oo 



5 

The first byte $4 0 is command opcode low byte, and the 
second byte $32 is the high byte. Together these two 
bytes comprise the full 16-bit opcode value of $3240, 
which is the command Display_Clear . The next byte is the 

10 arguments length parameter low byte value, for which last 
byte is the high byte. Since no arguments are present in 
this example, the arguments length value is equal to 
$0000, which arguments length value should always be 
included even when sending no arguments. After executing 

15 this command, the LCD screen will be cleared, and there 
is nothing to be returned to the host computer. 

Consider now an example of a command that requires four 
fixed length argument bytes of the AREA type. Suppose 

20 it is desired to draw a solid box on the LCD screen, 

starting at the horizontal column position $20 and verti- 
cal row position of $10, using a size $30 horizontal 
columns by $4 0 vertical rows. Drawing such box would 
result from sending the following stream of bytes: 

25 $51$32$08$002 

The byte stream may be viewed in a more simplified fash- 
ion as shown below: 



opcode 


arguments length 


arguments data field 


$51$32 


$08$00 


$2 0$00$10$00$3 0$00$4 0$00 



30 

2.0 
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In the above depiction, the first two bytes represent the, 
opcode in the low byte/high byte format. Collectively 
these two bytes comprise the 16-bit value $3251, which is 
the command Display__Box . The second two bytes represent 
5 the arguments length, here equal to $0008, since a total 
of 8 bytes follow in the argument data field. 

The arguments data field contains the following informa- 
tion : 

10 



argument data field 


POINT data type 


VAR data type 


column 


row 


length 


bytes 


$08$00 


$10$00 


$05$00 


HELLO 



The first two bytes represent the horizontal column posi- 
tion and the vertical row position, whereat drawing the 
box should begin. The third two bytes represent the 
2 0 horizontal column size to use when drawing the box, and 
the fourth two bytes represent the vertical row size to 
use when drawing the box. After executing this command, 
there is nothing to be returned from the pad to the host 
computer . 

25 

Consider now a more complex example of a command that 
requires both fixed length arguments (POINT data type) 
and one variable -length argument (VAR data type) . If it 
is desired to display the text message "HELLO" at LCD 
30 screen horizontal column of $0008 and vertical row $0010, 
the following stream of bytes would be sent: 



2\ 
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$8 0$32$0B$0 0$0 8$0 0$10$0 0$05$00HELL0 



Again, to simplify this example one can view the bytes as 
follows : 



opcode 


arguments length 


arguments data field 


$80$32 


$0B$00 


$08$0 0$10$0 0$05$0 0HELLO 



The arguments length value equals $00 OB in hexadecimal 
(11 in decimal) because the arguments length value is 
equal to the full length of all of the arguments in 
bytes. The argument data field in this example contains 
11 total bytes, and the arguments length field must al- 
ways equal the exact amount of bytes to follow in the 
argument data field. 



Consider now the argument field, which may be represented 
as follows: 



arguments data field 


POINT data type 


VAR data type 


column 


row 


length 


bytes 


$08$00 


$10$00 


$05$00 


HELLO 



The first set of bytes is the low byte, high byte hori- 
zonal column position, and the second set of bytes is the 
low byte, high byte vertical row position. The next set 
of bytes is the length of the variable- length data that 
is to follow, here the five-byte character string "HEL- 
LO" . The next five bytes represent the character string 
to be displayed, here "HELLO" . 



ZZ 
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The present invention can also handle bitmaps, for exam- 
ple an image drawn with passive pen 6 0 upon the touch 
screen 50A. In a bitmap, an image is represented digi- 
tally such that each pixel in the image corresponds to 
5 one or more bits in the bitmap. The VAR bits are a 

pointer to a buffer that holds byte-aligned bitmap bits 
to be stored as an array of byte values. As implemented, 
the VAR bits are used in command $2 050 Mem^LoadBitmap , 
$3290 Display_Bitmap, and $32F4 Display_SetLogo . To 
10 avoid conflict, bitmap bits should not include Windows 
BITMAP I NFOHEADER or color table. 



Device 2 0 may be configured to capture and transmit sig- 
nature data to the host as soon as available, e.g., in 

15 real-time. Alternatively, signature data can be captured 
and stored or buffered within unit 2 0 for later transmis- 
sion to the host. A Pad_Record command, or a 
Pad_RecordBuf command is used to start a signature cap- 
ture session. As it is being written on touch pad 50A, 

20 the signature is displayed on LCD 50B. The signature 
will remain displayed until a Pad_Reset command is re- 
ceived from the host. The host application will deter- 
mine when to terminate the signature signing session. 

25 Such termination can be accomplished by host-setting a 

predetermined time for signing, by viewing the signature, 
or by a completion indication from the signing user. The 
completion indication may be entered using a virtual 
(e.g., LCD-displayed) control key such as softkey 430 

30 shown in Figure 3. The user's pressing LCD 50 in the 
area of control key 43 0 (or the equivalent) causes a 
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Pad_Stop or Pad StopBuf command to issue, which ends a 
signature signing session. 

Signature real-time and buffered captured modes will now 
5 be described. Real-time signature capture x-axis , y-axis 
coordinates and pen status data can be sent to the host 
as soon as they are available. When the Pad__Record com- 
mand is sent from the host to device 20, device 2 0 re- 
sponds by sending the signature data in real-time to the 
10 host. Preferably, the format of this real-time data is a 
uncompressed vector contained in five byte packet, al- 
though other formats could be used. Issuance of the 
Pad_Stop command terminates real-time signature capture 
mode . 

15 

In buffered signature capture mode, signatures can be 
stored in internal RAM 350 within device 20, for 
uploading to the host when requested. Procedurally, a 
Pad___RecordBuf command is first issued by the host to 

20 initiate a buffered capture mode. Device 20 then cap- 
tures and stores all pen strokes on touch pad 50A to an 
internal buffer (which may be associated with RAM 350) , 
while simultaneously displaying the pen strokes on LCD 
SOB. At the end of signature signing session, the host 

25 issues a Pad__StopBuf command to terminate capture. The 

host then requests transmission of the buffered signature 
by sending a Pad_GetBuf command to device 20. Device 20 
then sends the signature data in compressed format to the 
host. In the preferred embodiment, the device buffer may 

30 retain up to 100 signatures at a time, although larger or 
smaller storage capacity may be implemented. 
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Assume that device 2 0 is to read magnetically encoded 
information (using MSR unit 80) in one or more stripes 90 
on a card 100, as shown in Figure 1. The host issues a 
Card__GetTrack command followed by the track number, e.g., 
5 track 0, 1 or 2 in the preferred embodiment. Device 2 0 
will then return the track data read from card 100, if 
available. A Card_Reset command is then used to purge 
track storage buffers within device 20, e.g., associated 
with RAM 3 50, such that a new card 10 0 may be read. 

10 

As noted with respect to Figure 1 and Figure 3, device 2 0 
may be used with a PIN pad unit 190. Alternatively, LCD 
BOB may be caused to display soft-keys that the user can 
touch to key- in PIN and other numeric data. In either 
15 event, the user is prompted to enter a PIN number, typi- 
cally in conjunction with a debit transactions. 

In Figure 3, for example, LCD 50 presents the user with a 
menu display 400 that includes instructions 410, a virtu- 

20 al keypad 420, and one or more soft control keys 430. If 
the user wishes to input a PIN that is, for example, 
3642, the user presses the soft "3" key, the soft "6" 
key, the soft "4" key and the soft "2" key displayed on 
the LCD. As the target areas to be pressed are relative- 

25 ly large, the user may press the softkeys with a finger 
or with pen 60. 

Audible feedback from transducer 185 can provide the user 
with appropriate confirmatory entry response. Such re- 
30 sponse might be a simple audible "beep" or in a more 

sophisticated implementation, transducer 185 could emit 

2.5 
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the spoken word corresponding to each softkey digit as 
the key is pressed. Circuitry and techniques directed to 
computer-generation of spoken words corresponding to 
digital entries are well known in the art, and will not 
5 be described further herein. 

The host system activates PIN pad 200 on an accessory 
unit 190, or a virtual PIN pad 42 0 on LCD 50 by issuing a 
Prompt_PIN command. When a user enters a PIN and presses 

10 an ENTER key (e.g., the "# M key), the PIN is encrypted 

and sent to the host. Device to host transmission pref- 
erably uses a ANSI X9 . 8 PIN block format. A valid PIN 
will contain between four and twelve digits, and the host 
will return an error message if the PIN is invalid. The 

15 returned message may be displayed on LCD 50 and/or audi- 
bly sounded via transducer 185. If a printer is coupled 
to device 20 (e.g., by cable or by IR) the return error 
message may be printed. 

2 0 To promote transaction security, all PINs are preferably 

data encryption standard ("DES") FIPS PUB 46, 1977 en- 
crypted using DUKPT (ANSI X9.24) or Master/Session key 
management . Before using the hardware or the virtual PIN 
pad, the user is asked to input an initial encryption key 
25 and serial number into device 20 in a secure environment. 
In the preferred embodiment, the DUKPT key management 
system derives a new key for each PIN encryption, and can 
derive more than one million keys. In a so-called Mas- 
ter/Session procedure, a master key is injected into the 

3 0 pad in a secure environment, and thereafter, new session 

keys, encrypted by the Master Key, can be sent to the 

26 
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pad. Device 2 0 preferably uses the master key to deciphe 
r the new transaction key, which is then used to encrypt 
user PIN data sent to the host. 

5 To promote security, preferably the initial key can never 
be read back from the device, and is automatically delet- 
ed if there is an attempt to tamper with the device. The 
initial key is stored in battery backed 350. 

10 While the present invention accommodates use of PIN-secu- 
rity, PIN numbers may be lost or compromised, for exam- 
ple, the user may inadvertently misplace a paper contain- 
ing the PIN numbers. The present invention preferably 
provides the ability to use fingerprint identification 

15 from the user as a form of PIN identification. In addi- 
tion to or as an alternative to the use of fingerprints 
described earlier herein, a preferred embodiment scans a 
fingerprint 230, which is to say, scans the user's fin- 
gerprint, pressed against surface 220. To reduce manu- 

2 0 facturing cost and product weight, scanning may be accom- 
plished using a miniature linear charge coupled scanning 
device ("CCD"), of the general sort as are found in FAX 
machines. Such a device is shown in phantom as element 
125 in Figure 4, and is mechanically moved (as shown by 

2 5 the accompanying double arrow) to scan the image of a 

finger pressed against region 220. Such a CCD element 
typically is about 1" (2.54 cm) in length and includes 
perhaps 300 elements, providing 300 dpi scan resolution. 
E.G. Sc G . Reticon Co. of Sunnyvale, California is one 

3 0 manufacturer of such devices. 
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Rather than store the totality of fingerprint data, it is 
possible to electronically examine, within a unit 210 
(Figure 1) or a unit 225 (Figure 4) a portion of the 
total fingerprint. An algorithm is executed by CPU 340 
5 to represent this minimal fingerprint data as a digital 

token, or number, which may be used as a fingerprint PIN. 
This PIN number may be electronically stored, for example 
on a magnetic strip 90 associated with a card 100, or 
stored within an IC contained in a smart card 140. It is 
10 in fact possible to generate a substantially unique PIN 
token for a given fingerprint and store the token within 
less than about 60 bytes of data. 

A system 10 equipped with a fingerprint accessory unit 
15 210 or 225 or the like is used as follows. Either before 
or during the transaction, the user presses his or her 
fingerprint against surface 22 0, whereupon a token is 
generated in realtime corresponding to the fingerprint . 
This token is then compared against fingerprint PIN token 
20 information stored in the user's card 100 or card 140. 

If the tokens agree (as determined by electronics within 
unit 10), the user is the owner of card 100 or 140, and 
the transaction may go forth. If the tokens do not 
agree, absent an error in generating one of the tokens, 
25 the user is not the owner of card 100 or 140. Under 

these circumstances, the transaction should not be com- 
pleted, absent other positive identification to the rea- 
sonable satisfaction of the merchant at the point of 
transaction . 

30 
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In this fashion, the user need not memorize a PIN to 
secure transactions, and indeed if card 100 or 140 were 
lost or stolen, the resultant token mismatch when the 
card(s) were attempted to be used would bar the transac- 
5 tion from completion. Indeed, since users would not know 
how system 10 functions, it is likely that a thief would 
not risk introducing what appears to be fingerprint iden- 
tification into the merchant's computer system, and would 
simply not use card 100 or 140. 

10 

Further details as to the internal display operation of 
device 10 will now be given. Device 2 0 displays graphic 
and text information, including advertisements, on its 
integrated high contrast backlit LCD pixel graphic dis- 

15 play 50 in the following manner. To display data at any 
time, the host issues a command such as Display_Text . If 
desired, the host can download a bitmap image for input 
into battery backed RAM 350 for immediate display on LCD 
5 0 when device 2 0 powers -up. Such image may also be 

2 0 displayed programmat ically at any time by issuing a Dis- 
play_Logo command. The image may be a custom logo to 
help the user identify the application. The image may 
also present a helpful message to the user. The pre- 
ferred embodiment provides two displayable text fonts: a 

25 small 8 pixel x 8 pixel font and a larger 16 pixel x 16 
pixel font. Text, graphics, and pen strokes can be dis- 
played on LCD 50 simultaneously. 



Optional add-on unit 22 5 in Figure 4 is an omnibus unit 
3 0 that includes a fingerprint identification unit 22 0 (and 
associated electronics) , electronics 145 for reading a 
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smartcard 140, an internal printer 65 for printing indi- 
cia such as an itemized receipt 75, and electronics 195 
for reading and processing a user's check 2 05. Of course 
unit 22 5 could include fewer than all of these features, 
5 or could include still additional features. 

The operation of the check processing function of unit 
22 5 will now be described. As shown in Figure 4, check 
205 is inserted into slot 215 within unit 225, and is 

10 moved up and through the unit in the direction shown by 
the curved arrow. Electronics 195 magnetically reads 
characters 235 imprinted on the check, which characters 
identify the user's bank and bank account number. Commu- 
nications link 40 enables unit 10 to communicate in sub- 

15 stantially realtime with the user's identified bank to 
confirm there are sufficient account funds to negotiate 
the transaction at hand. (By substantially realtime it 
is mean that if communications does not occur within 
seconds, any time delay will be less than perhaps a min- 

20 ute or so.) If not, display 50 can signal the check-out 
cashier appropriately, for example through an auxiliary 
display unit 55, and/or speaker 185 can emit an audible 
warning . 

25 In practice, the consumer purchaser would sign check 205 
and insert the otherwise blank check into slot 215 in 
unit 225. Alternatively, the customer need not sign the 
check, but would write a signature on screen 50. System 
10 knows the merchant store identification and the dollar 

3 0 amount to be charged from host information available via 
link 40, and knows the user's bank and account number 

3o 
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from indicia 23 5 on the check. Assuming that information 
transmitted via link 40 to a clearing house for the 
user's bank confirms available funds to complete the 
present transaction, printer 85 will then print the date, 
5 the dollar amount, and the merchant store as payee on 
check 2 05. Printer 85 can also print the customer's 
signature 70 on the check, and legally "VOID" the check, 
e.g., by printing "VOID" thereon. Processed check 205 
will then emerge from the exit portion 217 of the contin- 
10 uation of slot 2 05, but near the rear portion of device 
225, as shown in Figure 4. If desired, other documents 
75 printed by printer 85 may also emerge from the same 
exit slot portion 217 as a processed check 205. 

15 The check-out cashier will then hand the check to the 
customer as a transaction receipt, as the funds have 
automatically been transferred from the identified bank 
account into the merchant's bank account. Of course, the 
customer may also be given a printed receipt 75 enumerat- 

2 0 ing the items purchased and their cost. Security in the 
above transaction can of course be promoted if the mer- 
chant insists upon use of a credit card 10 0 or smartcard 
14 0, whose memory includes for example either PIN or 
preferably fingerprint PIN token information. Such secu- 

25 rity will protect the user against misuse of lost or 
stolen checks . 

It will be appreciated that the above -described use of 
system 10 permits instant transfer of funds, with minimal 
30 generation of paperwork. From the merchant's perspec- 
tive, payment for the transaction occurs in realtime, and 
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the transaction is memorialized electronically. From the 
standpoint of the user's bank, there is no paper check to 
be negotiated and mailed back to the user as the user al- 
ready possesses the "voided" or "cancelled" check as a 
5 transaction receipt. 

If the transaction has involved the user of card 100 or 
140, e.g., to further identification and security, card- 
stored information may include the customer's internet 
10 address and customer accounting information, e.g., that 
the customer maintains a Quicken-compatible accounting 
database on a home computer. System 10 can, if desired, 
automatically couple data memorializing the instant 
transaction over link 40 to the customer-user's database, 
whereupon the database is updated to reflect a debit for 
the subject transaction. If, for example, the transac- 
tion (or a part thereof) represents a tax deduction to 
the user, the user can input such information using sys- 
tem 10, whereupon the updated user database will properly 
tag the deductible portion of the subject transaction. 
Note too that since the user's identity and itemized 
present purchases are known to the present invention, the 
present invention can facilitate creation and maintenance 
of a purchase profile for each user. Stored preferably 
within the merchant's computer system, such a profile may 
be used by the merchant to determine effectiveness of 
advertising, goods placement on shelves, and so forth, on 
a per customer basis. 



15 



20 



25 



30 



Figure 5 depicts operative steps for the above proce- 
dures, as well as the use of system 10 to provide instant 

32 
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advertisement and reward coupons to the customer user. 
Although Figure 5 is described within the context of a 
merchant retail store operation, it will be appreciated 
that other working environments are also applicable. 

5 

In Figure 5 at the upper left-hand corner, unit 10 (shown 
here with omnibus add-on unit 225) is coupled via link 
4 0 (data path A) to a host unit 10, here a server system, 
perhaps present within a merchant retail store. As will 

10 be described, reward-type information will be coupled 

over data path B from host system (or in-store processor, 
ISP) 30 to unit 10. Unit 10 and (if present, accessory 
display 55) is preferably located at the check-out area 
of a retail store. As has been described, it is assumed 

15 at this juncture that the purchaser has self -identified 
using a smartcard or a credit -type card with magnetic 
strips, and is identified to system 10. Assume too that 
a cashier has rung-up the user transaction on a cash 
register (or the equivalent) , and that the transaction is 

2 0 almost complete. 

Among the information carried by data path A will be an 
itemized list of the user's purchases, for example, 2 
bags of Brand X potato chips at $1.2 0/bag, 1 carton of 

25 Brand Y soda at $2.95, and so on. These line items com- 
prising the transaction may be coupled via data path C to 
a corporate level server unit 500. Whereas the in store 
processor or store server system 3 0 can readily decrement 
the store inventory by the items being purchased, the 

30 corporate level server 500 can do likewise for this 
store, and other stores also coupled to server 500. 

33 
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Preferably the corporate level server will transmit via 
data path E the debit/credit information pertaining to 
the subject transaction to a central clearinghouse for 
settlement . 

5 

Stored within, or made accessible to corporate level 
server 500 and/or merchant level server 30 is a database 
list of store-carried items for which rewards or promo- 
tions are to be issued in realtime to the user at the 

10 point of sale. For example, Brand X potato chips may 

wish to offer the user an immediate discount coupon for 
another type of Brand X chips, or a chip dip, or the 
like. Brand Y soda may wish to offer a discount coupon 
for the purchase of ice cream, and so on. Other items 

15 purchased by the user may not be the subject of a reward 
promotion. 

Merchant server system 3 0 and/or corporate level server 
500 may generate and store a profile of the individual 

2 0 customer's purchases, and in fact some rewards may be 

associated with a pattern of purchases by a given custom- 
er. Perhaps a customer who routinely purchases beer will 
be offered a discount coupon for pretzels after the third 
such beer purchase. The profile information may also be 
25 useful to the merchant store in deciding how effective 

shelf placement of certain goods has been, or how effec- 
tive advertising has been. The inclusion of system 10 
permits uniquely identifying sales and sales patterns to 
specific customers, by name, and potentially by sex, by 

3 0 age, by residence, and so forth. 

34 
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Data path D can communicate to the merchant server infor- 
mation to be presented immediately to the purchaser. 
Merchant server 3 0 couples this information along data 
path B to system 10. If the information is a coupon or 
the like, preferably the printer associated with unit 225 
immediately prints-out the relevant discount coupon (s) 
22 5, or other promotional information. If desired, the 
coupon (s) can also be displayed. It is understood that 
data paths A and B may in fact be coupled over a single 
bus of wires. 

It will be appreciated that at the time the transaction 
is being completed, the merchant has the user's complete 
attention, if for no other reason than to ensure there is 
no inadvertent overcharge. Thus, data path B may advan- 
tageously carry advertisement type information into unit 
10, for display. Such advertisement may be ads for prod- 
ucts associated with the user's present purchases, e.g., 
perhaps a pretzel ad if beer is now being purchased. 
Using a history of past purchases by this user (such 
purchases being stored within system 3 0 and/or system 
500) , the ads may intelligently present information di- 
rected to the user. For example, if the user routinely 
purchases dietetic food, an ad for a new type of dietetic 
food carried by the merchant might be displayed, and so 
forth. Such ads may include video animation and/or 
sound . 

As noted, in identifying himself or herself to unit 10, 
the user's identification card (smart or magnetic strip) 
may include the user's e-mail or internet address, and 
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personal accounting software information. In a preferred 
embodiment, data path F couples information, optionally 
via the internet 520 or other communications link to the 
customer's server unit 53 0, perhaps located at the 
5 customer's home or business. Stored within the customer 
server may be a database of the customer's financial 
transactions, stored perhaps as part of a financial ac- 
counting software program 540. Drawing upon information 
made available from warehoused records 510 for this user, 

10 the merchant and corporate level servers can periodically 
update via data path H the user's server 53 0, such that 
financial software 540 is current on at least a weekly or 
monthly basis. Of course more frequent updates could 
also be provided. The user's printer 510 may then pro- 

15 vide hard copies 550 of receipts and other records rele- 
vant to the transaction made using device 10. 

It will be appreciated from the foregoing description 
that the present invention provides a flexible signature 

2 0 capture device whose architecture readily allows for 

present and future expansions. The use of standardized 
architecture, ports, and a built-in PCMCIA type II inter- 
face further promotes flexible expansion, and contributes 
to decreased fabrication and programming costs. The 

25 preferred hardware integration reduces IC chip count and 
improves price/performance attributes . 

Modifications and variations may be made to the disclosed 
embodiments without departing from the subject and spirit 
30 of the invention as defined by the following claims. 
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WHAT IS CLAIMED IS: 

1. A self-contained modular signature capture 
device , comprising : 

a writing/display unit including a pressure pad 
5 responsive to writing thereon with a passive stylus, and 
including a liquid crystal display superimposed with said 
pressure pad; 

a central processor unit (CPU) coupled to read-only- 
memory (ROM) storing at least one software executable by 
10 said CPU for operating said device, and further coupled 
to random access memory (RAM) , and to said 
writing/display unit; 

an ISA-compatible bus coupled to said CPU; 

electronic circuitry, coupled to said bus and re- 
15 sponsive to said writing so as to present on said display 
an image of said writing, in which said writing appears 
to a user to result in said image; 

interface circuitry, coupled to said bus, to permit 
operatively coupling at least one add-on accessory to 

2 0 said device; 

a magnetic card sub-unit, coupled to said bus, to 
permit magnetically reading and writing data to a card 
carrying at least two stripes of magnetic media; 

and 

25 communication interface circuitry, coupled to said 

bus, to permit coupling said device to a communications 
link for data transfer to an electronic system. 

2. The device of claim 1, wherein said ROM 

3 0 includes a routine providing at least one of (a) DES- 

encryption for PIN data input to said device by a user, 
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(b) Master/Session key management, (d) DUKPT key manage- 
ment, and (d) erasure of data stored in said RAM upon 
detection of tampering with a housing enclosing said 
device . 



3. The device of claim 1, further including elec- 
tronics, coupled to said bus, enabling said display to 
display at least one of (a) a menu of user options for 
operating said device, (b) commands, (c) graphics, (d) a 
10 virtual keypad for user operation of said device, (f) a 
reproduction of an image drawn on said pressure pad, and 
(g) imagery including promotional data generated exter- 
nally from said device and coupled via said communica- 
tions link and via said communication interface circuit- 



al. The device of claim 1, further including, in- 
ternal to said device, circuitry enabling said device to 
interface and function with a PCMCIA-compatible card. 



5. The device of claim 1, wherein said CPU, said 
bus, and each of said circuitry are compatible to stan- 
dardized x8 6 CPU architecture. 



5 



15 



ry. 



20 



25 



6 . 



The device of claim 1, wherein said interface 



30 



circuitry permits coupling said device to at least one 
add-on accessory selected from the group consisting of 
(a) a PIN entry unit, (b) a fingerprint unit that can 
examine at least a portion of a finger pressed against 
said accessory and cause to be generated a numerical 



token that is a PIN of said finger, (c) a printer for 
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printing data provided to or generated by said device, 
(d) a smartcard reader for reading and writing data to a 
smartcard inserted into said accessory, and (f) a check 
processor that receives a check and can print thereon a 
5 user's signature previously written on said pad and can 
print thereon a dollar amount and payee information 
available to said device and that scan bank and user 
identification printed on said check. 

10 7. A system useable at a point of transaction to 

memorialize a transaction and facilitate realtime com- 
pletion of said transaction, comprising: 

a self-contained modular signature capture device, 
including : 

15 a writing/display unit including a pressure pad 

responsive to writing thereon with a passive stylus, and 
including a liquid crystal display superimposed with said 
pressure pad; 

a central processor unit (CPU) coupled to read-only- 

2 0 memory (ROM) storing at least one software executable by 

said CPU for operating said device, and further coupled 
to random access memory (RAM) , and to said 
writing/display unit; 

an ISA- compatible bus coupled to said CPU; 
25 electronic circuitry, coupled to said bus and re- 

sponsive to said writing so as to present on said display 
an image of said writing, in which said writing appears 
to a user to result in said image; 

interface circuitry, coupled to said bus, to permit 

3 0 operatively coupling at least one add-on accessory to 

said device; 
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a said add-on accessory, coupled to said interface 
circuitry; 

a magnetic card sub-unit, coupled to said bus, to 
permit magnetically reading and writing data to a card 
5 carrying at least two stripes of magnetic media; 
and 

communication interface circuitry, coupled to said 
bus, to permit coupling said device to a communications 
link for data transfer to an electronic system; 
10 and 

a host system, associated with said point of trans- 
action, coupled to said device via said communication 
interface circuitry; 

wherein a transaction at said point of transaction 
15 is itemized and entered into said host system; 

wherein payment for said transaction is accomplished 
by a user inputting a user PIN into said device and writ- 
ing a signature on said pressure paid; 

said device comparing the user input PIN with a PIN 
2 0 stored in a card read by said device and if there is 

substantial identity between each said PIN, said transac- 
tion may proceed; 

wherein said device via said host system causes a 
decrement to a user account identified on a said card in 
25 an amount due for said transaction. 

8. The system of claim 7, wherein said accessory 
includes a fingerprint unit operating to generate a token 
fingerprint PIN in response to pressing of a finger of 
30 said user against said accessory, wherein said finger- 
print PIN is said user input PIN; and 
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wherein said PIN stored in said card is a token 
previously generated by a said device in response to said 
user pressing said finger against a said fingerprint 
unit, a said device then storing said PIN in a said card 



9. The system of claim 7, wherein said card is 
selected from the group consisting of (a) a magnetic card 
containing at least two stripes of magnetic media, and 



10. The system of claim 7, wherein said fingerprint 
unit includes a linear CCD strip scanning element that 
mechanically scans at least a portion of said finger 

15 pressed against said fingerprint unit. 

11. The system of claim 7, wherein said user input 
PIN is manually input to said device by a user using at 
least one mechanism selected from the group consisting of 

20 (a) a virtual PIN pad displayed on said display, and (b) 
a PIN pad in said accessory. 

12. The system of claim 7, wherein said accessory 
includes a printer, and a check processor unit that me- 

25 chanically receives into said accessory a bank check 

belonging to said user; 

said check processor unit reading identification of 

said user, said user's bank and bank account number from 

magnetically inked indicia on said check, and coupling 
3 0 all such information to said device for coupling to said 

host system; 



5 



belonging to said user. 
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(b) a smartcard. 
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said user writing a user signature on said display, 
wherein said check processor unit can print on said check 
at least one of the following (a) said signature of said 
user, (b) a dollar amount for said transaction as deter- 
mined by said host system, (c) payee for said transaction 
as determined by said host system, and (d) a legal notice 
that said check is now voided; 

wherein upon being processed by said check processor 
unit, said check is a receipt for said user of said 
transaction . 



13. The system of claim 12, wherein said host sys- 
tem communicates data identifying said user's bank and 
bank account number to a clearinghouse and receives 
substantially realtime confirmation that adequate funds 
presently are in said account to pay for said transac- 
tion; 

wherein said host system causes said account to be 
debited substantially in realtime by an amount of said 
transaction, said amount being transferred substantially 
in realtime to an account of said payee. 

14. The system of claim 12, wherein said host sys- 
tem uses data received from said device to generate and 
store a purchase profile for said user; 

wherein said purchase profile is updatable with each 
succeeding purchase by said user using said device; 

said purchase profile being useable to ascertain 
effectiveness of advertising and shelving displays of a 
product with respect to resultant sales to users of said 
product . 
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15. The system of claim 12, wherein said host sys- 
tem is coupleable to a database containing information as 
to items whose purchase is intended to create a user 
event ; 

wherein said user event is selected from the group 
consisting of (a) an advertisement presented on said 
display, (b) an animated sequence of video presented on 
said display, (c) product information presented on said 
display, (d) a product discount coupon printed by a 
printer, (e) a product discount coupon printed by a 
printer in said accessory. 

16. The system of claim 12, wherein said host sys- 
tem electronically communicates an accounting record of 
said transaction to a database associated with a computer 
system of said user; 

wherein said database is updated by said transac- 
tion . 

17. A method of enhancing security of user identi- 
fication during a transaction, and optionally rewarding 
said user for making said transaction, the method includ- 
ing the following steps: 

(a) providing at a point of said transaction a 
self-contained microprocessor-controlled modular signa- 
ture capture device that includes a writing/display unit 
that includes a pressure pad responsive to writing there- 
on with a stylus, and includes a liquid crystal display 
superimposed with said pressure pad, wherein writing on 
said pressure pad appears as an image on said display, 
said device including interface circuitry that permits 
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operatively coupling with least one add-on accessory, 
said device including communication interface circuitry 
enabling said device to be coupled to a communications 
link for data transfer to an electronic system; 
5 and 

(b) coupling a host electronic system via a said 
communications link to said device; 

(c) entering purchase data for said transaction 
into said host electronic system, whereupon a dollar 

10 amount due is determined; 

(d) said user entering into said transaction intro- 
ducing a PIN, previously stored within a user card read- 
able by said device, into said device using said card; 

(e) said user in realtime now entering a user PIN 
15 into said device; 

(f) whereupon if said device confirms identity 
between said PIN introduced at step (d) and at step (e) 
said user is confirmed as owner of said card and said 
transaction may proceed further, but if no said identity 

20 is confirmed, said transaction is aborted; 

(g) said device reading from said card said user's 
account number and account location and communication 
such information to said host electronic system; 

(h) coupling said host electronic system to a cen- 
25 tral clearinghouse for substantial realtime confirmation 

that said user's said account number bears sufficient 
funds for said transaction; and 

(i) if sufficient funds in said account number are 
present and if said transaction is not otherwise aborted, 

3 0 debiting said account number by an amount for said 

transaction, and transferring said amount to an account 

44 



WO 98/50876 



PCT7US98/09448 



of a provider of goods or services represented by said 
transaction . 

(e) if said device , said host electronic system 
being associated with said point of transaction, coupled 
5 to said device via said communication interface circuit- 
ry; 

wherein a transaction at said point of transaction 
is itemized and entered into said host system; 

wherein payment for said transaction is accomplished 
10 by a user inputting a user PIN into said device and writ- 
ing a signature on said pressure paid; 

said device comparing the user input PIN with a PIN 
stored in a card read by said device and if there is 
substantial identity between each said PIN, said transac- 
15 tion may proceed; 

wherein said device via said host system causes a 
decrement to a user account identified on a said card in 
an amount due for said transaction. 

2 0 18. The method of claim 17, wherein: 

said card is selected from the group consisting of 
(1) a card carrying at least two stripes of magnetic 
media, and (ii) a smart card; 

the user input PIN is protected by at least one 
25 technique selected from the group consisting of (i) DES- 
encrypting PIN data input to said device by said user, 
(ii) Master/Session key managing PIN data input to said 
device by said user, (iii) DUKPT key managing PIN data 
input to said device by said user, (iv) using as PIN data 

3 0 input to said device by said user a device -generated 

token representing a device -scanned portion of a finger 
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of said user, wherein said token is compared by said 
device with a card- stored previously generated token of a 
portion of said finger, and (v) erasing user data stored 
in device upon detection of tampering with a housing 



19. The method of claim 17, further including: 
(f ) said host electronic system presenting to said 
device at least one presentation selected from the group 

10 consisting of (i) an advertisement presented on said 
display, (ii) an animated video sequence presented on 
said display, (iii) an oral message presented via a 
transducer in said display, (iv) a promotional message 
presented on said display, (v) a discount coupon present - 

15 ed on said display, (vi) a discount coupon printed by a 
printer coupled to said device, and (vii) a discount 
coupon printed by a printer in a said accessory coupled 
to said device . 

20 20. The method of claim 17, further including at 

least one step selected from the group consisting of: 

(f) said host generating and causing to be stored a 
profile of purchases evidenced by transactions made by 
said user, wherein said profile is useable to determine 

25 effectiveness of advertising and/or display of items 
comprising said transaction; and 

(g) said host generating and causing to be communi- 
cated to a user-specified information link user-useable 
accounting data evidencing said transaction, said 

3 0 accounting data used to update an accounting database 
maintained for said user. 
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